api: deny unknown fields in requests

Use serde's deny_unknown_fields feature to cause an error when
attempting to deserialize requests with invalid fields in the json
payload.

Fixes #359

Signed-off-by: Alexandra Iordache <[email protected]>

Author: Alexandra Iordache

api_server/src/request/async/mod.rs

@@ -32,6 +32,7 @@ pub enum DeviceType {
 
 // Represents the associated json block from the async request body.
 #[derive(Debug, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
 struct InstanceDeviceDetachAction {
     device_type: DeviceType,
     device_resource_id: String,
@@ -50,6 +51,7 @@ pub enum AsyncActionType {
 // The model of the json body from an async request. We use Serde to transform each associated
 // json body into this.
 #[derive(Debug, Deserialize, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct AsyncRequestBody {
     action_id: String,
     action_type: AsyncActionType,

api_server/src/request/instance_info.rs

@@ -1,4 +1,4 @@
-#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[derive(Clone, Debug, PartialEq, Serialize)]
 pub enum InstanceState {
     Uninitialized,
     Starting,
@@ -8,7 +8,7 @@ pub enum InstanceState {
 }
 
 // This struct represents the strongly typed equivalent of the json body of InstanceInfo
-#[derive(Debug, Deserialize, Serialize)]
+#[derive(Debug, Serialize)]
 pub struct InstanceInfo {
     pub state: InstanceState,
 }

api_server/src/request/sync/boot_source.rs

@@ -13,11 +13,13 @@ pub enum BootSourceType {
 }
 
 #[derive(Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct LocalImage {
     pub kernel_image_path: String,
 }
 
 #[derive(Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct BootSourceBody {
     boot_source_id: String,
     source_type: BootSourceType,

api_server/src/request/sync/drive.rs

@@ -18,6 +18,7 @@ pub enum DrivePermissions {
 // This struct represents the strongly typed equivalent of the json body from drive
 // related requests.
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct DriveDescription {
     pub drive_id: String,
     pub path_on_host: String,

api_server/src/request/sync/logger.rs

@@ -16,6 +16,7 @@ pub enum APILoggerLevel {
 }
 
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct APILoggerDescription {
     pub path: String,
     #[serde(skip_serializing_if = "Option::is_none")]

api_server/src/request/sync/net.rs

@@ -10,6 +10,7 @@ use request::ParsedRequest;
 // This struct represents the strongly typed equivalent of the json body from net iface
 // related requests.
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct NetworkInterfaceBody {
     pub iface_id: String,
     pub state: DeviceState,

api_server/src/request/sync/rate_limiter.rs

@@ -4,6 +4,7 @@ use fc_util::ratelimiter::RateLimiter;
 
 // This struct represents the strongly typed equivalent of the json body for TokenBucket
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct TokenBucketDescription {
     pub size: u64,
     pub refill_time: u64,
@@ -20,6 +21,7 @@ impl Default for TokenBucketDescription {
 
 // This struct represents the strongly typed equivalent of the json body for RateLimiter
 #[derive(Clone, Debug, Default, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct RateLimiterDescription {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub bandwidth: Option<TokenBucketDescription>,

data_model/src/vm/machine_config.rs

@@ -1,6 +1,7 @@
 use std::fmt;
 
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[serde(deny_unknown_fields)]
 pub struct MachineConfiguration {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub vcpu_count: Option<u8>,